Proponents of Canada's Bill C-30, otherwise known as the Protection Children from Internet Predators Act, say that it will merely bring the country in line with other nations that have some form of lawful access and data preservation and retention legislation.
This is precisely why Canadians should be worried if Parliament decides to let the bill pass in its present form.
The UK lawful access experience
There is no shortage of research which indicates that implementation of an online surveillance regime in the European Union and the United States have been fraught with flaws, abuse and costs ultimately shouldered by Internet Service Providers tasked by government to essentially snoop on their customers.
More than 10 years ago the United Kingdom passed the Regulation of Investigatory Powers Act (RIPA) to extend law enforcement agencies’ access to communication systems to help police battle crime and terrorist-related activities. Under a voluntary code of practice, ISPs retain data such as content of email servers, email server logs, IP addresses, SMS messages and others from six to 12 months.
Reports from the Interception Commissioner, which provides a yearly assessment of interception of communication traffic, indicate that a growing number of “interception errors,” according to a paper written by Christopher Parsons of the Political Science Department at the University of Victoria.
In 2007, there were 24 interception errors and breaches found which the Commissioner deemed to be “to high” according to Parsons.
In 2009, 36 interception errors and breaches attributed to the General Communications Headquarters, the Secret Service, Her Majesty’s Revenue and Customs, the Serious Organized Crime Agency, The Scottish Government, the Metropolitan Police Counter Terrorism Command and the National Technical Assistance Centre. During this year there were a total of 525,130 requests for communications data that resulted in 661 reported errors.
Related Story - Lawful access ‘enormous financial burden’ for business
Furthermore, Parsons found that the requested data was not always used to deter crime. In the instance of one family subjected to excessive surveillance (21 acts in three weeks) data was requested to determine the family’s eligibility to send their children to a local school.
A report released by the U.K-based civil liberties group Big Brother Watch paints a troubling picture of how law enforcement agents handle data that passes through their hands.
The organization found that between 2007 and 2010:
-243 police offices and staff received criminal convictions for breaching the country’s Data Protection Act (DPA) -98 police officers and staff were terminated for breaching DPA -904 police officers and staff were subjected to internal disciplinary procedures for breaching DPA
In one notable case, no less than 208 officers and staff received legal caution for viewing computer records related to a high profile crime. In another, a staff member was dismissed for discussing policing information on Facebook. Numerous others were found to have accessed criminal records and personal data for no obvious policing purposes.
US CALEA was heavy burden
In the United States, the problem is more significant, according to Parsons who says the country “suffers from endemic inappropriate surveillance.” He said the National Security Agency (NSA) reportedly runs a warrantless wiretapping system with the assistance of major telecom providers such as AT&T. A large amount of the surveillance conducted by state and federal agencies go unreported.
“Without reports, it is challenging to determine if access was appropriate or necessary,” he said.
Back in 1994, the U.S. enacted the Communications Assistance for Law Enforcement Act (CALEA) which imposed interception capabilities on telecom service providers. Today, The Defence Department continues to call for ISPs to retain data for two years. The department is also developing a system for monitoring Internet traffic and federal law enforcement is requesting the extension of CALEA to include other providers such as Facebook and Skype.
If we would like to have an idea of how much it might cost Canadian ISPs to retrofit existing networks to facilitate the “snoop and scoop” activities outlined in Bill C-30, we can look to the U.S. as well for an example.
In addition to data storage CALEA also required providers to make their systems “intercept ready”. Prior to CALEA enactment the industry estimated this would cost them between $3 and $5 billion, the FBI’s estimate was around $500 million to $1 billion. Since then industry has lowered its estimate to $1.3 billion, but Parsons notes that this figure did not include VoIP-based communications.
In Canada, small ISPs have repeatedly voiced concerns that compliance with to lawful access legislation will be a costly burden.
But it is not only the financial cost that businesses should be worried about. Requiring providers to render their systems “surveillance ready” will introduce security vulnerabilities to their systems.
Requiring companies to build a “backdoor” for law enforcement agencies to access their networks and accomplish a data dump creates a single “point of failure” which hackers can exploit, according to John Villasenor, professor of electronics engineering at the University of California.
It might be argued that a surveillance technology that cannot be penetrated by hackers can be securely built. If Bill C-30 is about trusting those in charge, I’m a bit worried. The current track record of government agencies both here and in the U.S. in protecting their own networks against breaches is not very encouraging.
In 2011, the Central Intelligence Agency’s own Web site was taken down by the hackers group LulzSec. The same group stole 180 passwords of members of an FBI affiliate.
That same, hackers believed to be based in China, launched a cyber attack on several Canadian government departments to steal classified information.
Yes, I agree we should look at other nations that have implemented their online surveillance laws. I think if we look closely we’ll probably find more reasons not to rush towards having one.
Nestor Arellano is a senior writer for ITBusiness.ca. Follow him on Twitter, read his blogs and join the ITBusiness.ca Facebook Page.
Comments
Thelaughingman Fucu said: Stephen Harper, Rob Nicholson, John Baird and Vic Toews, along with the rest of the Conservatives are liars, cheats and thieves. They are fascists and would turn our country into an Orwellian nightmare! Canada needs to rise up and occupy the parliament, remove the Conservatives from power, followed by some good old fashion tarring and feathering, finish with banishing from Canada! Finally Canadians need some laws that allow us to force referendums on the government and punish corrupt politicians who think they can screw with their people, their employers, you and me! People shouldn't fear the government, the government should fear the people!
Rwolf said: Canada, Britain & U.S. Government want to Spy On ItsCitizens’/ Electronic Communications? The Canadian (Commons recent BillC-30) would—give any Canadian police officer without a warrant—the power torequest Internet service providers turn over customer information (see section17 of C-30) cause the same loss of electronic privacy and civil liberties thatBritish Government recently proposed—to spy on Brits’ electroniccommunications. Is it coincidence the British and Canadian proposals appear tomirror legislation U.S. Government said it wanted passed in 2011 to spy on U.S.Citizens?Overlooked by mainstream media is that Britain and Canada signed with the U.SGovernment an array of (Asset Forfeiture Sharing Agreements) to share withCanadian and British Police/Governments assets seized from Brits, Canadians andAmericans that resulted from e.g., evidence or information gleaned fromelectronic surveillance of Citizens’ communications, e.g., emails, faxes,Internet actively, phone records including GPS tracking.Compare with U.S. Government’sproposal to electronically monitor, spy on Americans without a warrant—withCanada’s recent eavesdropping (Bill C-30) and British Government’s plan to spyon its Citizens’ electronic communications.U.S. Government wants the power to (introduce as evidence) in criminalprosecutions and government civil trials, any phone call record, email orInternet activity. That would open the door for Police to take out of contextany innocent—hastily written email, fax or phone call record to allege a crimeor violation was committed to cause a person’s arrest, fines and or civil assetforfeiture of their property. There are more than 350 laws and violations thatcan subject property to government asset forfeiture. Government civil assetforfeiture requires only a civil preponderance of evidence for police toforfeit property, little more than hearsay. If the U.S. Justice Department has its way, any information the FBI derivesfrom circumventing the Fourth Amendment, i.e. (no warrant searches) of WebServer Records; a Citizen’s Internet Activity, personal emails; fax / phonecalls may be used by the FBI for (fishing expeditions) to issue subpoenas inhopes of finding evidence or to prosecute Citizens for any alleged crime orviolation. Consider that neither Congress nor the courts—determined what Bush IINSA electronic surveillance, perhaps illegal could be used by police orintroduced into court by government to prosecute Americans criminally orcivilly. If U.S. Justice Department is permitted (No-Warrant) surveillance ofall electronic communications, it is problematic state and local lawenforcement agencies and private government contractors will want access toprior Bush II NSA and other government illegally obtained electronic recordsnot limited to—Americans’ Internet activity; private emails, faxes and phonecalls to secure evidence to arrest Americans, assess fines and or civillyforfeit their homes, businesses and other assets under Title 18USC and otherlaws. Of obvious concern, what happens to fair justice in America if policebecome dependent on “Asset Forfeiture” to help pay their salaries and budgetoperating costs?The “Civil Asset Forfeiture Reform Act of 2000” (effectively eliminated) the“five year statue of limitations” for Government Civil Asset Forfeiture: thestatute now runs five years (from the date) police allege they “learned” anasset became subject to forfeiture. It is foreseeable should (no warrant)government electronic surveillance be approved; police will relentlessly siftthrough business and Citizen’s (government retained Internet data), emails andphone communications to discover possible crimes or civil violations. A corruptdespot U.S. Government can too easily use no-warrant—(seized emails, Internetdata and phone call information) to blackmail Americans, corporations andothers in the same manner Hitler utilized his police state passed laws toextort support for the Nazi fascist government, including getting parliament topass Hitler’s 1933 Discriminatory Decrees that suspended the ConstitutionalFreedoms of German Citizens. A Nazi Government threat of “Property Seizure”Asset Forfeiture of an individual or corporation’s assets was usuallysufficient to ensure Nazi support. Under U.S. federal civilforfeiture laws, a person or business need not be charged with a crime forgovernment to forfeit their property. Most U.S. Citizens, property and businessowners that defend their assets against Government Civil Asset Forfeiture claiman “innocent owner defense.” This defense can become a criminal prosecutiontrap for both guilty and innocent property owners. Any fresh denial of guiltmade to government when questioned about committing a crime “even when you didnot do the crime” may (involuntarily waive) a defendant’s right to assert intheir defense—the “Criminal Statute of Limitations” past for prosecution; anyfresh denial of guilt even 30 years after a crime was committed may allowGovernment prosecutors to use old and new evidence, including informationdiscovered during a Civil Asset Forfeiture Proceeding to launch a criminalprosecution. For that reason many innocent Americans, property and businessowners are reluctant to defend their property and businesses against GovernmentCivil Asset Forfeiture. Re: waiving Criminal Statute of Limitations: see USC18, Sec.1001, James BroganV. United States. N0.96-1579. U.S. See paragraph (6) at: http://www.law.cornell.edu/sup...